Before I respond, I should preface this message by noting that this is probably 
no longer a development question (or at
least, it is starting to become tangential), so I'm happy to repost this to 
openldap-software if desired.  I just didn't
want to do that without verifying that it would not be considered as 
cross-posting.

Howard Chu wrote:
> Ryan Steele wrote:
>> Hey folks,
> 
> You have no idea what you're talking about, and pcache doesn't work as
> you describe. Nor does "id" or nss for that matter.

I've got no problem being be told I'm wrong, and welcome the chance to learn in 
the process.  If you're right (and I've
got no doubt you are given your knowledge of the subject is far deeper than my 
own), and the second half of my response
clears up the confusion with respect to the semantics of attributes versus 
filters in this context, how can you explain
the behavior in the following slapd output?  When slapd receives a query in 
which an attribute list is specified,
everything works; when it doesn't, the call to "id" hangs.  The only difference 
I can discern from the output is that
the second query is missing an attribute list.  This is, in fact, what happens 
when I run "id ryans".  When I firewall
off the LDAP server, the id call hangs when it gets to the query in which there 
is no "SRCH attr", which causes the
request to be proxied out to my remote LDAP server (an occurrence for which the 
evidence is documented below).  I have
more complete logs if you cannot make a determination from what I provide here:

## query with SRCH attr specified
conn=1 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 
filter="(&(objectClass=posixAccount)(uid=ryans))"
conn=1 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory 
loginShell gecos description objectClass
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=posixAccount)(uid=ryans))
Lock QC index = 0x7f6b83aa8d10
Not answerable: Unlock QC index=0x7f6b83aa8d10
QUERY NOT ANSWERABLE
QUERY CACHEABLE


## same query with no SRCH attr specified
conn=1 op=3 SRCH base="dc=aweber,dc=com" scope=2 deref=0 
filter="(&(objectClass=posixAccount)(uid=ryans))"
query template of incoming query = (&(objectClass=)(uid=))
QUERY NOT ANSWERABLE
QUERY NOT CACHEABLE
ldap_create
ldap_url_parse_ext(ldap://remotehost.example.com)
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP remotehost.example.com:389


> 
> It is illegal for an LDAP search to have an empty filter. Go back and
> read RFC 4511 before posting nonsense like this.


I have read the RFC.  I simply used the incorrect terminology - what I meant 
is, it has an empty attribute list, as
denoted by the post above.  I'll be more careful when articulating issues in 
the future to avoid this sort of
miscommunication and/or confusion.  And again, if you would like me to change 
the venue to openldap-software, I'm more
than happy to repost it there, I just didn't want to cross-post before 
confirming.


Cheers,
Ryan

Reply via email to